CIS CYBERSECURITY ADVISORIES
MS-ISAC ADVISORY NUMBER:
Multiple Vulnerabilities in Adobe Reader and Adobe Acrobat Could Allow Remote Code Execution (APSB15-10)
Multiple vulnerabilities have been discovered in Adobe Reader and Adobe Acrobat. Adobe Reader and Acrobat are applications for handling PDF files. Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Successful exploitation could result in an attacker compromising data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer. Failed exploit attempts will likely cause denial-of-service conditions.
There are currently no reports of these vulnerabilities being exploited in the wild.
- Adobe Reader XI (11.0.10) and earlier 11.x versions
- Adobe Reader X (10.1.13) and earlier 10.x versions
- Adobe Acrobat XI (11.0.10) and earlier 11.x versions
- Adobe Acrobat X (10.1.13) and earlier 10.x versions
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
- Home users: High
Multiple vulnerabilities have been discovered in Adobe Reader and Adobe Acrobat that could potentially allow an attacker to take over the affected system.
- Use-after-free vulnerabilities that could lead to code execution (CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, CVE-2015-3075)
- A heap-based buffer overflow vulnerability that could lead to code execution (CVE-2014-9160)
- A buffer overflow vulnerability that could lead to code execution (CVE-2015-3048)
- Memory corruption vulnerabilities that could lead to code execution (CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, CVE-2015-3076)
- A memory leak issue (CVE-2015-3058)
- A null-pointer dereference vulnerability that could cause denial-of-service conditions (CVE-2015-3047)
- A vulnerability that could be exploited to circumvent the same-origin policy (CVE-2014-8453)
- These updates provide additional hardening to protect against CVE-2014-8452, which is a vulnerability in the handling of XML external entities that could lead to information disclosure.
Successful exploitation could result in an attacker compromising data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer. Failed exploit attempts will likely cause denial-of-service conditions.
We recommend the following actions be taken:
- Install the updates provided by Adobe immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
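To prioritize the first recommendation, installed versions can be checked against the affected-version list above. The following is an added example, not part of the original advisory: it assumes a software inventory exported as `host,product,version` lines (a hypothetical format; the sample rows are constructed) and compares versions numerically, since a plain string comparison would rank 10.1.4 above 10.1.13.

```python
import re

# Last affected release per branch, from the advisory's affected-version list
# (11.0.10 and earlier 11.x; 10.1.13 and earlier 10.x).
LAST_AFFECTED = {11: (11, 0, 10), 10: (10, 1, 13)}
PRODUCT_RE = re.compile(r"^adobe (reader|acrobat)\b", re.IGNORECASE)


def parse_version(text):
    """Turn '11.0.09' into (11, 0, 9), padded to three parts; None if not dotted numeric."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def classify(product, version):
    """Return 'affected', 'not-listed', 'not-in-scope' or 'unparsed'."""
    if not PRODUCT_RE.match(product.strip()):
        return "not-in-scope"
    parsed = parse_version(version)
    if parsed is None:
        return "unparsed"  # needs manual review, not a clean result
    limit = LAST_AFFECTED.get(parsed[0])
    if limit is not None and parsed <= limit:
        return "affected"
    return "not-listed"  # version is outside the ranges this advisory names


def triage(inventory_lines):
    """Map each 'host,product,version' line to (host, product, version, status)."""
    rows = [[f.strip() for f in line.split(",", 2)] for line in inventory_lines]
    return [(h, p, v, classify(p, v)) for h, p, v in rows]


# Constructed sample inventory (hostnames and rows are made up).
SAMPLE = [
    "ws-001,Adobe Reader XI,11.0.10",
    "ws-002,Adobe Reader X,10.1.4",
    "ws-003,Adobe Acrobat XI,11.0.09",
    "ws-004,Adobe Acrobat X,10.1.14",
    "ws-005,Adobe Reader,unknown",
    "ws-006,Mozilla Firefox,38.0",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-8s %-18s %-10s %s" % row)
```

A status of `not-listed` only means the version falls outside the ranges named in this advisory; `unparsed` rows should be checked by hand.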